RFID News Round-Up for Feb. 17, 2016

It's a concept that Macy's has been promoting for a while, but this week there were additional news reports relative to the department store chain's Pick to the Last Unit (P2LU) strategy for Omnichannel order fulfillment.

The basic idea is simple: as retailers move to store-based fulfillment for on-line and mobile orders - a strategy Macy's has aggressively pursued in recent years - they have been reluctant to peg a given store to fill an order if the quantity shown in the perpetual inventory system is low.

Why? Because store perpetual inventories are notoriously inaccurate, risking that the item could not be found for shipment after the order was accepted.

Macy's has been an aggressive adopter of item-level RFID, driven it seems primarily by its interest in using store-level fulfillment.

Macy's has been rolling out its RFID program product by product, department by department. For example, in early 2014 Macy's reported it was using RFID on all shoe displays at 850 stores, which had allowed it to increase shoe display compliance with the planogram from 65-70% to nearly 100%.

With the RFID program's success and resulting confidence in its store inventories, Macy's will now allocate inventory for on-line orders even if the system shows that just one unit is available in a given store - thus the name "Pick to the Last Unit."

The benefits to Macy's will be several. Sales should increase, as they lone item can be sold on-line perhaps easier than waiting for a customer in-store. Macy's said that it has demonstrated this over the past year in a test with women's dresses, for which it found it could accurately fulfill on-line fashion orders from the last units for sale.

Another benefit is that these low inventory items will more likely to be sold at or near full price, versus the markdowns that are often necessary to move such low quantity items, a result also confirmed during the test with dresses. Finally, the system will inform store associates where the item is based on the last RFID cycle count taken, and allow them to find the item if it has moved since then by using handheld readers, both of which should reduce associate search times.

Perhaps surpassingly, "About 15% to 20% of inventory is accounted for by the last unit in the store," said Peter Longo, president of logistics and operations at Macy's. "It's a massive amount of budget, either marked down or not sold, and it is curable through RFID."

RFID Credit Cards - We're at Least are No Longer Worried about Hacking

As credit cards with embedded RFID chips were released over the past several years, there were many news reports about how easy it might be for a bad guy to electronically steal that credit card information by just walking near a consumer while carrying an RFID reader and picking off the data - credit card number, expiration date, security number, etc.

(See More Below)

Indeed, several local news stations did reports demonstrating how easy that hacking could be, and those reports were widely circulated. (See Local TV News Report Shows Just How Easy it Is to Capture RFID Credit Card Data.) Those reports in turn led to a small cottage industry of companies producing wallets and even apparel designed to block RFID reader signals - even though a small piece of aluminum foil would do the same job with very little cash outlay.

Well, it turns out all that may have been well overblown. The newer cards use a form of encryption in communications between the chip and the card reader. To steal that encrypted data would require what is called a "side channel attack" - and it's shall we say quite a bit more difficult to pull off than walking up with a hidden RFDI reader behind someone standing in a line at the hot dog stand.

"The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information," says Chiraag Juvekar, a graduate student in electrical engineering at MIT. "So you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret."

We're not sure how many thieves are willing to go through all that, but there are ways to thwart this data vulnerability. For example, some RFID chips reject password attempts after a number of failures and others regularly generate a new pair of password keys using random number generators to make them more difficult to guess.

But that leave the chips open to what are called "blackout" or "power glitch" attacks, in which…well, let's just say it is equally if not more technically complex than the side-channel attack methods.

But if you are still worried, news this week that Texas Instruments has produced a RFID chip based on designs from a group of MIT engineers that overcomes both side-channel attacks and power-glitch attacks in particular by providing the chip with an onboard power supply and a non-volatile memory, so it can't get electronic amnesia when switched off, which is key to the blackout method.

The new defense mechanisms mean cards with the chip will operate a bit more slowly than existing ones, but acceptably so, TI and MIT believe.

It turns out the security work may have benefits beyond RFID-enabled credit cards.

"We believe this research is an important step toward the goal of a robust, low-cost, low-power authentication protocol for the industrial Internet," said Ahmad Bahai, chief technology officer at Texas Instruments.

We here at SCDigest, at least, are now sleeping much better at night relative to our RFID charge cards.

Any reaction to either the Macy's or RFID credit card stories? Let us know your thoughts at the Feedback section below.